eclipse.platform.swt icon indicating copy to clipboard operation
eclipse.platform.swt copied to clipboard
verified publisher icon eclipse-platform

[Mac Sonoma] "WARNING: Secure coding is not enabled for restorable state" warning message

Open Phillipus opened this issue 1 year ago • 9 comments

The issue When running Eclipse or an RCP app on macOS Sonoma a warning message is written to the console:

eclipse[4647:170325] WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.

I've Googled this and it seems that this could lead to a vulnerabilty and needs to be addressed. For example see here:

https://stackoverflow.com/questions/77283578/sonoma-and-nsapplicationdelegate-applicationsupportssecurerestorablestate?rq=2

I'm reporting this against SWT because SWT provides the native implementations of Mac classes such as NSApplicationDelegate.

@lshanmug what do you think? Can SWT implement applicationSupportsSecureRestorableState in NSApplicationDelegate?

To Reproduce The only way to see this warning message is to run Eclipse on Mac Sonoma from the command line so the message is written to the console in the Terminal app:

  1. Open the Mac Terminal app and run the following command: Eclipse.app/Contents/MacOS/eclipse
  2. The warning message is written to the terminal window

Expected behavior The warning message should not appear.

Environment: macOS Sonoma 14.5 MacBook M2 aarch64 Temurin JDK 17.0.11+9 Eclipse 4.31 and latest 4.32 I builds

Phillipus avatar May 14 '24 10:05 Phillipus

Actually, after debugging this some more, the warning message appears before any SWT components are created. It occurs in equinox:

https://github.com/eclipse-equinox/equinox/tree/master/features/org.eclipse.equinox.executable.feature/library/cocoa

And so, if it is possible to implement this, it will be in the native JNI code here:

https://github.com/eclipse-equinox/equinox/tree/master/features/org.eclipse.equinox.executable.feature/library/cocoa

Phillipus avatar May 14 '24 11:05 Phillipus

Could someone transfer this issue to https://github.com/eclipse-equinox/equinox please? This is not SWT.

Phillipus avatar May 14 '24 11:05 Phillipus

You could just copy it there since the issue is new and no discussion really happened :)

fedejeanne avatar May 14 '24 11:05 fedejeanne

Copied to https://github.com/eclipse-equinox/equinox/issues/630

Phillipus avatar May 14 '24 11:05 Phillipus

Re-opening this. PR for SWT incoming...

Phillipus avatar May 15 '24 07:05 Phillipus

PR https://github.com/eclipse-platform/eclipse.platform.swt/pull/1231 will fix the issue for SWT, but as Equinox JNI also creates a NSApplication when creating its splash screen a similar fix needs to be applied there, too. See https://github.com/eclipse-equinox/equinox/issues/630

Edit - https://github.com/eclipse-platform/eclipse.platform.swt/pull/1231 causes a CTD.

Phillipus avatar May 15 '24 08:05 Phillipus

@lshanmug @Phillipus as you both seem to be knowing something about Mac and the launcher I have some question, currently SWT requires to pass the -XstartOnFirstThread (FYI @akurtakov ) but for example AWT seem to include some code to not require this, do you probabbly have any idea how the JDK is doing that so we can probably incooperate that as well (either Equinox or SWT)?

laeubi avatar May 20 '24 04:05 laeubi

-XstartOnFirstThread is a Mac only parameter AFAIK thus I can't help more here.

akurtakov avatar May 20 '24 05:05 akurtakov

I can;t help with -XstartOnFirstThread maybe @lshanmug knows?

I found this:

https://stackoverflow.com/questions/28149634/what-does-the-xstartonfirstthread-vm-argument-do-mean

Phillipus avatar May 20 '24 08:05 Phillipus